My ongoing research projects are aimed at Hardware Security and Hardware Assurance. My
first project here was the EU-funded G3Card project, which aimed to design a new generation
of smartcard chips. This project finished in January 2003, and since then I have had
independent research grants from various industrial sponsors and collaborators.

I am invited from time to time to give lectures about my research achievements. The usual venues are
security-related workshops and other universities. Please refer to my publications section for the full
list.

I now have a dedicated teaching course on Hardware Security aimed at industrial engineers and
graduate students. It covers the following subjects: Introduction to Hardware Security; Common mistakes
in the design of secure hardware; Data remanence effects in memory; Imaging techniques and Optical
attacks; Side-channel attacks; Lessons, Countermeasures and Defence technologies. The course was well
received by people from both industry and academia. I now have a contract with a large industrial chip
manufacturing company to run a yearly teaching course for their design engineers over the next five
years.

As introductory reading on hardware security I recommend my PhD thesis and the
book "Introduction to Hardware Security and Trust", to which I contributed the chapter on Physical
Security (Chapter 7). For further reading please see my publications list. The latest research
results in this area are usually published at the following conferences: CHES, HOST, FDTC, COSADE
and CARDIS.

New areas of research usually require additional staff. For that, collaborators from industry and academia
are sought and new grant applications are submitted. Should a new postdoc position open, it will be announced
on the University job site.

What's New

I have been criticised a lot for the fact that most of the chips I analyse
and publish successful attacks on are built with 0.7-micron or even 0.9-micron
technology. This has now changed: the chips I use in my new research
investigations are built with 0.5-micron technology or finer (0.5 micron is still popular
in some secure chips), some tests have been applied down to 90nm chips, and some
interesting results on 0.13-micron chips were published recently.

I have been contacted many times in the past with questions about consulting
projects I can perform here in the lab. This was mainly driven by rapidly
growing concerns about the hardware security of semiconductor products (mostly
microcontrollers, CPLDs and FPGAs) and by growing intellectual property
theft in the Asian countries where most outsourcing takes place. Some
projects were aimed at finding security flaws in existing devices in order
to improve their security, or at selecting the most secure parts from a list.
Other projects were dedicated to teaching and educating personnel, and
others again were about developing particular attack techniques.
More information on the types of research projects
and on possible collaboration with industry is given below.

Upcoming events (soonest first)

The cause of sporadic failures in embedded systems has been found, and it could have very serious consequences. You might have come across situations where some microcontroller-based system started behaving oddly or stopped working: home appliances, cars, industrial equipment and so on. It seems that a serious reliability issue has been overlooked, and we may see more systems and devices start to behave unpredictably or fail altogether. If it is a toaster or a microwave oven you can cope, but what about old electronic equipment used in cars, avionics and industrial infrastructure? A draft report will be published soon.

Past events (latest first)

I gave a talk at the Security Group seminar on 13 May 2014 (slides: Security, Reliability and Backdoors).
I presented my research into backdoors present in hardware or embedded firmware that pose a potential
security threat; the reasons for their existence are, however, questionable. In this talk the implications
of backdoors for real systems were presented at several levels, from silicon hardware (SoC FPGA)
through embedded firmware (smartcard) to system software (industrial controller). I showed how such
backdoors can be found and exploited. The aim of the talk was to start a discussion about the influence
of backdoors on security and reliability.

Practical use of fault-injection
attacks. We introduced these attacks in 2002. Unfortunately
they have still not been properly investigated. Research is needed to
estimate the requirements of these attacks for each chip manufacturing
technology and their likely success rate. We are currently setting up the
equipment necessary for this research. Some of the results are very
likely to be published in 2011, once the new specialised equipment has arrived.

Status: ongoing research project

Practical reverse engineering of programmable logic chips. It is
widely believed that CPLDs and FPGAs offer superior IP protection by design, as
there is no sequential program execution flow and the device functionality
is obscured by a proprietary configuration encoding. The question is how far an attacker can
go by observing the device configuration process and analysing the differences.

Status: proposed research project

Data remanence in EEPROM and Flash memory devices under special
conditions. Additional directions for my previous research on data
remanence in semiconductor memory devices.

Advanced EMA attacks. Research into combining electromagnetic analysis (EMA)
attacks with semi-invasive methods.

Status: proposed research project

High-resolution power analysis. Research into improving the
effectiveness of power analysis attacks by using special data
acquisition, measurement and post-processing techniques.

Status: ongoing research project

Using nanotechnologies for hardware security analysis.
Current trends in the miniaturisation of electronic devices demand the
ability to understand structure and properties at the deep
submicron level (the latest technology is 28nm, and 20nm has already been
proposed). Recent achievements in scanning probe microscopy allow us
to observe many characteristics of a semiconductor chip surface, such as
its landscape (with atomic force microscopy), doping concentration (with
scanning capacitance microscopy), resistance (with scanning spreading
resistance microscopy), magnetic field (with magnetic force
microscopy), temperature (with scanning thermal microscopy), and many
others. Research is needed to estimate how much information could be
extracted from silicon chips using such technologies. This research
might involve designing and building some special microscopes. As such
research requires large investment in equipment, it is difficult to
predict when it will start.

My other research is more about a general evaluation of
different memory structures against all kinds of attacks, rather than
testing any particular samples. As I predicted a long time ago (I
stated it in 1999), Flash and EEPROM memories are not very good
candidates for hardware security on their own, unless special
attention is paid to data-flow control and interface protocols. This
was also suggested in my popular article on copy protection in
microcontrollers, first published in 2000. Much more
information about the various problems of EPROM, EEPROM and Flash memories
is in my Ph.D. thesis, which is publicly available. My further research
will involve detailed investigation of different Flash/EEPROM memory
cells as well as of antifuse cells, which are believed to be highly secure;
my personal opinion is that this has not been properly proved or
tested. The next step would be studying and testing FRAM and MRAM
memory structures, as they are considered a highly secure
replacement for Flash and EEPROM memories.

Past projects

Development and debugging of a microcontroller-based secure
fiscal memory card for a Cash Control Monitor (Master's thesis project
at university)

System for ophthalmic rehabilitation based on a Nintendo game
console (co-author of the patented invention)

I always reply to personal emails. Sometimes, however, due to server
problems or spam filters, mail can be lost; therefore please resend
your message if I have not replied within one week. For
important messages I would prefer you to forward a copy of your letter
to my HushMail address. Please avoid using HTML format in your emails
(such messages are very likely to be filtered out) and ask my
permission before attaching any files to your emails.

Publications

Please do not copy any of my publications onto your own Internet
server for public access without explicit permission. If you want to
refer to any of my texts, please use a hyperlink to my original and
not a copy. I update these texts frequently and want to prevent the
confusion that arises when people read obsolete versions elsewhere
that are not under my control.